SIP settings not preserved anymore

Discussion in 'Mac OS X Guest OS Discussion' started by toonetown, Aug 23, 2019.

  1. toonetown

    toonetown Bit Poster

    I think that with the upgrade to PD15, my SIP settings (via csrutil command run from recovery partition) are no longer being preserved in my test VM. This is what I'm seeing:

    1 - Check "Select boot device on startup"
    2 - Boot to recovery partition
    3 - "Utilities | Terminal"
    4 - "csrutil disable"
    5 - "shutdown -r now"
    6 - Boot into standard partition (don't go into the boot selection menu)
    7 - "csrutil status" -> Shows disabled.

    This is the "working" scenario. However, if I then do the following:
    1 - Shut down VM
    2 - Uncheck "Select boot device on startup"
    3 - Start VM (boots into standard partition)
    4 - "csrutil status" -> Shows enabled.

    I think that changing the "Select boot device on startup" option makes some kind of change to the NVRAM or something that causes my previous settings to be lost. This used to work on PD14. Any ideas of how I can get that option to "stick" (This is for a VM that I use for testing driver development - which is why I need SIP is a pain to have to boot to the recovery partition to reenable it every time I need to use it).
  2. toonetown

    toonetown Bit Poster

    Some additional information - Both my Host machine and my Guest VM are running macOS 10.14.6. I am running Parallels Desktop 15.0.0.

    I just found that if I return to a snapshot, it also "loses" the SIP settings. So - doing this (after disabling SIP):
    1 - Start VM
    2 - "csrutil status" -> Shows disabled
    3 - Shutdown VM
    4 - Create snapshot
    5 - Start VM
    6 - "csrutil status" -> Shows disabled
    7 - Revert to snapshot created in #4
    8 - Start VM
    9 - "csrutil status" -> Shows enabled

    This is really problematic because any time I jump from one snapshot to another, it resets my status.
  3. toonetown

    toonetown Bit Poster

    Some further investigation shows that it appears the NVRAM.dat file is getting deleted whenever I jump to a snapshot. I believe that this may be what is causing the loss of SIP settings.
  4. toonetown

    toonetown Bit Poster


Share This Page